Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | 1x 10x 1x 6x 6x 6x 6x 13x 6x 2x 4x 4x 2x 2x 1x 49x 1x 1x 1x 7x 106x 4x 4x 4x | import { createError } from "@middy/util";
import { APIGatewayEvent } from "shared-types";
import { roles } from "shared-types/opensearch";
import { isUserManagerUser } from "shared-utils";
import { authenticatedMiddy, ContextWithAuthenticatedUser } from "../middleware";
import {
getAllUserRoles,
getAllUserRolesByEmail,
getAllUserRolesByState,
getUserRolesWithNames,
} from "./userManagementService";
const getActiveRole = (roles: roles.Document[], roleName: string) =>
roles.find((roleObj) => roleObj.role === roleName && roleObj.status === "active");
export const handler = authenticatedMiddy({
opensearch: true,
setToContext: true,
body: false,
}).handler(async (event: APIGatewayEvent, context: ContextWithAuthenticatedUser) => {
const { authenticatedUser } = context;
Iif (!authenticatedUser?.email) {
throw createError(401, JSON.stringify({ message: "Email is undefined" }));
}
// get all of the roles for the current user
const userRoles = await getAllUserRolesByEmail(authenticatedUser.email);
const approverRoles = userRoles.filter(
(roleObj) =>
isUserManagerUser({ ...authenticatedUser, role: roleObj.role }) &&
roleObj?.status === "active",
);
if (approverRoles.length <= 0) {
throw createError(403, JSON.stringify({ message: "User is not authorized to approve roles" }));
}
let roleRequests: roles.Document[] = [];
if (getActiveRole(approverRoles, "systemadmin") || getActiveRole(approverRoles, "helpdesk")) {
roleRequests = await getAllUserRoles();
} else if (getActiveRole(approverRoles, "cmsroleapprover")) {
roleRequests = await getAllUserRoles();
// cmsroleapprovers can only see statesystemadmin requests
roleRequests = roleRequests.filter((roleObj) => roleObj?.role === "statesystemadmin");
} else {
const stateSystemAdmin = getActiveRole(approverRoles, "statesystemadmin");
Eif (stateSystemAdmin) {
roleRequests = await getAllUserRolesByState(stateSystemAdmin?.territory);
// statesystemadmins cannot update other statesystemadmin requests
roleRequests = roleRequests.filter((roleObj) => roleObj?.role !== "statesystemadmin");
}
}
// filter out the current user from the role requests
roleRequests = roleRequests.filter((adminRole) => adminRole?.email !== authenticatedUser.email);
Iif (!roleRequests.length) {
return {
statusCode: 200,
body: [],
};
}
const roleRequestsWithName = await getUserRolesWithNames(roleRequests);
return {
statusCode: 200,
body: roleRequestsWithName,
};
});
|